7b2880d191
this changes most visble uses of master/slave terminology in tests.sh
and most uses of 'type master' or 'type slave' in named.conf files.
files in the checkconf test were not updated in order to confirm that
the old syntax still works. rpzrecurse was also left mostly unchanged
to avoid interference with DNSRPS.
(cherry picked from commit e43b3c1fa1)
155 lines
2.9 KiB
Plaintext
155 lines
2.9 KiB
Plaintext
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
// NS4
|
|
|
|
key rndc_key {
|
|
secret "1234abcd8765";
|
|
algorithm hmac-sha256;
|
|
};
|
|
|
|
controls {
|
|
inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
|
|
};
|
|
|
|
key "sha1" {
|
|
algorithm "hmac-sha1";
|
|
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
|
};
|
|
|
|
key "sha224" {
|
|
algorithm "hmac-sha224";
|
|
secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA==";
|
|
};
|
|
|
|
key "sha256" {
|
|
algorithm "hmac-sha256";
|
|
secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY=";
|
|
};
|
|
|
|
key "keyforview1" {
|
|
algorithm "hmac-sha1";
|
|
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
|
|
};
|
|
|
|
key "keyforview2" {
|
|
algorithm "hmac-sha1";
|
|
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
|
|
};
|
|
|
|
dnssec-policy "test" {
|
|
keys {
|
|
csk key-directory lifetime 0 algorithm 14;
|
|
};
|
|
};
|
|
|
|
options {
|
|
query-source address 10.53.0.4;
|
|
port @PORT@;
|
|
pid-file "named.pid";
|
|
listen-on { 10.53.0.4; };
|
|
listen-on-v6 { none; };
|
|
recursion no;
|
|
dnssec-policy "test";
|
|
};
|
|
|
|
view "inherit" {
|
|
match-clients { key "sha1"; };
|
|
|
|
/* Inherit dnssec-policy 'test' */
|
|
zone "inherit.inherit.signed" {
|
|
type primary;
|
|
file "inherit.inherit.signed.db";
|
|
};
|
|
|
|
/* Override dnssec-policy */
|
|
zone "override.inherit.signed" {
|
|
type primary;
|
|
dnssec-policy "default";
|
|
file "override.inherit.signed.db";
|
|
};
|
|
|
|
/* Unset dnssec-policy */
|
|
zone "none.inherit.signed" {
|
|
type primary;
|
|
dnssec-policy "none";
|
|
file "none.inherit.signed.db";
|
|
};
|
|
};
|
|
|
|
view "override" {
|
|
match-clients { key "sha224"; };
|
|
dnssec-policy "default";
|
|
|
|
/* Inherit dnssec-policy 'test' */
|
|
zone "inherit.override.signed" {
|
|
type primary;
|
|
file "inherit.override.signed.db";
|
|
};
|
|
|
|
/* Override dnssec-policy */
|
|
zone "override.override.signed" {
|
|
type primary;
|
|
dnssec-policy "test";
|
|
file "override.override.signed.db";
|
|
};
|
|
|
|
/* Unset dnssec-policy */
|
|
zone "none.override.signed" {
|
|
type primary;
|
|
dnssec-policy "none";
|
|
file "none.override.signed.db";
|
|
};
|
|
};
|
|
|
|
view "none" {
|
|
match-clients { key "sha256"; };
|
|
dnssec-policy "none";
|
|
|
|
/* Inherit dnssec-policy 'none' */
|
|
zone "inherit.none.signed" {
|
|
type primary;
|
|
file "inherit.none.signed.db";
|
|
};
|
|
|
|
/* Override dnssec-policy */
|
|
zone "override.none.signed" {
|
|
type primary;
|
|
dnssec-policy "test";
|
|
file "override.none.signed.db";
|
|
};
|
|
|
|
/* Unset dnssec-policy */
|
|
zone "none.none.signed" {
|
|
type primary;
|
|
dnssec-policy "none";
|
|
file "none.none.signed.db";
|
|
};
|
|
};
|
|
|
|
view "example1" {
|
|
match-clients { key "keyforview1"; };
|
|
|
|
zone "example.net" {
|
|
type primary;
|
|
file "example1.db";
|
|
};
|
|
};
|
|
|
|
view "example2" {
|
|
match-clients { key "keyforview2"; };
|
|
|
|
zone "example.net" {
|
|
type primary;
|
|
file "example2.db";
|
|
};
|
|
};
|